Skip to content

Commit

Permalink
netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net
Browse files Browse the repository at this point in the history
  • Loading branch information
@ewestbrook
ewestbrook committed Aug 28, 2018
1 parent 050cdc6 commit df7ff6e
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions net/netfilter/ipset/ip_set_hash_netportnet.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -213,13 +213,13 @@ hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[],

if (tb[IPSET_ATTR_CIDR]) {
e.cidr[0] = nla_get_u8(tb[IPSET_ATTR_CIDR]);
if (!e.cidr[0] || e.cidr[0] > HOST_MASK)
if (e.cidr[0] > HOST_MASK)
return -IPSET_ERR_INVALID_CIDR;
}

if (tb[IPSET_ATTR_CIDR2]) {
e.cidr[1] = nla_get_u8(tb[IPSET_ATTR_CIDR2]);
if (!e.cidr[1] || e.cidr[1] > HOST_MASK)
if (e.cidr[1] > HOST_MASK)
return -IPSET_ERR_INVALID_CIDR;
}

Expand Down Expand Up @@ -493,13 +493,13 @@ hash_netportnet6_uadt(struct ip_set *set, struct nlattr *tb[],

if (tb[IPSET_ATTR_CIDR]) {
e.cidr[0] = nla_get_u8(tb[IPSET_ATTR_CIDR]);
if (!e.cidr[0] || e.cidr[0] > HOST_MASK)
if (e.cidr[0] > HOST_MASK)
return -IPSET_ERR_INVALID_CIDR;
}

if (tb[IPSET_ATTR_CIDR2]) {
e.cidr[1] = nla_get_u8(tb[IPSET_ATTR_CIDR2]);
if (!e.cidr[1] || e.cidr[1] > HOST_MASK)
if (e.cidr[1] > HOST_MASK)
return -IPSET_ERR_INVALID_CIDR;
}

Expand Down

0 comments on commit df7ff6e

Please sign in to comment.